Advertisement

Google Bypasses Privacy, Puts Users’ Data on the Map

A netizen has found that Google has changed their domain structures to track users’ locations across their services.
Listen to this story

Google’s handling of user data has long been a subject of concern for data privacy enthusiasts. While the tech giant has undergone a comparatively low number of data breaches in recent history, its hold over the Android platform allows them to harvest an unprecedented amount of data. 

Now, Google is taking more steps to ensure the collection of user data across non-mobile devices as well. Recently, a netizen found that Google has changed their domain structures to include all their services under one parent domain. This means that any permissions given by the user for one google service, such as Google Maps, extend to all Google services under the domain. 

To understand why this is a serious privacy concern for users, we must first look at how domains work. There are two types of web directory management systems: subdomains and subdirectories

THE BELAMY

Sign up for your weekly dose of what's up in emerging technology.

Subdomains are treated as children of the parent domain, but they exist outside the main domain within a disparate partition. Subdirectories, on the other hand, are treated as part of the main domain as they are nothing but a page under the domain.

For instance, Google was previously using a subdomain for Google Maps, as seen by its URL ‘maps.google.com’.


Download our Mobile App



Now, they have switched to using a subdirectory, with the URL changing to ‘google.com/maps’. 

This means that the permission pop-up that appears when a website is trying to access the user’s camera, mic, or location, only needs to be accepted once across Google’s vast range of services. Then, Google can use these permissions for all their services without having to ask the users again.

As shown below, the user’s mic can be accessed from the Google search page, with camera permissions being granted from Google Meet. Location access can be granted through Google Maps, and this is likely to allow the search engine to track the user’s location even if they have not specifically given permission for it, or other applications. 

This skirts the line of legality when it comes to prominent data protection regulations like the GDPR and the American Data Privacy and Protection Act. 

The GDPR states that the provider’s privacy policy clearly mentions an explanation that the company must request consent for camera and mic access. Moreover, the company must also provide an explanation of their purposes for requesting camera access. India’s new privacy policy, on the other hand, has no legal purview regarding company’s usage of location data. Google’s Privacy Policy does not provide any clarity on these subjects.

In addition to this, location data is considered to be personal data under GDPR, with a huge chunk of the regulation being applicable to it. In the Google Chrome Privacy Policy, Google has a section on how it determines users locations and what it uses it for. However, while they specify that they won’t allow a site to access users’ locations without permission, they also state that they send data to Google Location Services to determine the user’s location. This data consists of information on nearby Wi-Fi routers, cell IDs of cell towers close to the user, and the user’s IP address. 

Any user wishing to use Google Maps for a short stretch of navigation will now be asked to give permission to Google to access their location. Upon providing this permission, Google can access this data at any time due to their new domain structure, allowing them to geo-track the user any time they have a Google website open. 

Along with Apple’s covert implementation of user tracking, this shows a disturbing trend in the tech sector, where companies are tracking users by operating in grey areas of regulations. 

Read: Square the Circle: Apple’s Privacy Play Lands It in Trouble… Again

The more sinister side of it, however, is the fact that these changes were made without any notification to users, creating another treasure trove of unsupervised surveillance data for tech giants to monetise using advertising. 

More Great AIM Stories

Anirudh VK
I am an AI enthusiast and love keeping up with the latest events in the space. I love video games and pizza.

AIM Upcoming Events

Conference, in-person (Bangalore)
Rising 2023 | Women in Tech Conference
16-17th Mar, 2023

Early Bird Passes expire on 10th Feb

Conference, in-person (Bangalore)
Data Engineering Summit (DES) 2023
27-28th Apr, 2023

3 Ways to Join our Community

Telegram group

Discover special offers, top stories, upcoming events, and more.

Discord Server

Stay Connected with a larger ecosystem of data science and ML Professionals

Subscribe to our Daily newsletter

Get our daily awesome stories & videos in your inbox
AIM TOP STORIES